Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/nPtNOVhjTVbNoPzqUJGa-Eqnb0Y.roa
File:                     nPtNOVhjTVbNoPzqUJGa-Eqnb0Y.roa (raw, json)
Hash identifier:          Yuz9f1rxV7S4atM+GycUQVhSQinvjc3oT1lXV1zOVuE=
Subject key identifier:   9C:FB:4D:39:58:63:4D:56:CD:A0:FC:EA:50:91:9A:F8:4A:A7:6F:46
Certificate issuer:       /CN=cb645bc0fdb8626bce2c0425c4087b54e150d386
Certificate serial:       01960AC1B7A62B401D85CF12DAC1BEA5CAF0
Authority key identifier: CB:64:5B:C0:FD:B8:62:6B:CE:2C:04:25:C4:08:7B:54:E1:50:D3:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2RbwP24YmvOLAQlxAh7VOFQ04Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/nPtNOVhjTVbNoPzqUJGa-Eqnb0Y.roa
Signing time:             Sun 06 Apr 2025 10:59:49 +0000
ROA not before:           Sun 06 Apr 2025 10:59:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210924
IP address blocks:        185.210.157.0/24 maxlen: 24
                          2a14:c100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/y2RbwP24YmvOLAQlxAh7VOFQ04Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/y2RbwP24YmvOLAQlxAh7VOFQ04Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2RbwP24YmvOLAQlxAh7VOFQ04Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 09:59:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:0a:c1:b7:a6:2b:40:1d:85:cf:12:da:c1:be:a5:ca:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb645bc0fdb8626bce2c0425c4087b54e150d386
        Validity
            Not Before: Apr  6 10:59:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9cfb4d3958634d56cda0fcea50919af84aa76f46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:40:e1:55:b7:99:2d:92:a6:4d:a0:e0:15:5a:
                    6f:38:7c:aa:9b:4e:8d:ec:dc:ba:c6:db:19:14:33:
                    94:d7:34:46:37:3b:33:42:23:a6:81:b3:ea:03:ec:
                    b7:b0:9f:8d:0b:1f:31:3c:12:2f:be:58:81:be:99:
                    e9:74:ea:0a:14:25:a6:d4:aa:1d:f5:c9:d8:cf:3d:
                    7f:53:ef:e1:c7:cc:39:88:87:6a:ab:9c:9b:77:06:
                    cf:0c:0a:1e:c7:2f:66:1f:37:b5:54:35:a0:77:5b:
                    42:42:41:2d:3b:31:4c:1a:66:ed:ff:34:a0:b1:b5:
                    5f:15:b9:99:db:18:33:f8:8e:39:3d:44:fb:f1:96:
                    fc:86:71:bf:0f:b1:c8:48:c5:8c:50:bf:ea:a0:ec:
                    b8:60:ff:62:30:37:fa:df:8f:04:55:fe:f3:ad:ba:
                    72:e0:cc:f2:bb:9c:5f:2c:d7:79:8a:b2:df:55:ae:
                    f9:7d:61:7b:f6:93:4e:5a:f3:ca:9d:b2:0f:73:44:
                    43:b0:01:4a:b2:16:14:17:9d:a9:9b:7a:58:f3:42:
                    18:6c:c1:0a:e4:26:fa:70:45:6b:01:65:66:c6:63:
                    38:59:d6:79:11:74:b4:0f:2b:06:4d:bb:50:95:d7:
                    ee:b8:bd:17:da:7b:4e:d5:40:3b:f9:ea:e7:ee:cb:
                    3d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:FB:4D:39:58:63:4D:56:CD:A0:FC:EA:50:91:9A:F8:4A:A7:6F:46
            X509v3 Authority Key Identifier:
                keyid:CB:64:5B:C0:FD:B8:62:6B:CE:2C:04:25:C4:08:7B:54:E1:50:D3:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2RbwP24YmvOLAQlxAh7VOFQ04Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/nPtNOVhjTVbNoPzqUJGa-Eqnb0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/y2RbwP24YmvOLAQlxAh7VOFQ04Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.157.0/24
                IPv6:
                  2a14:c100::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:19:ee:2e:9b:06:51:b1:33:37:0b:fb:e2:82:40:1e:81:a2:
         93:1c:0d:60:ee:cb:32:6e:e6:f5:9a:04:1d:9b:c4:22:31:0f:
         12:54:52:f4:7e:1b:da:d3:52:01:1e:11:c0:d2:aa:05:67:da:
         3a:7b:83:cb:3d:0a:8a:8c:58:bb:cf:e2:3f:3a:f5:9d:51:80:
         c1:c1:2e:34:97:64:40:59:2f:e7:65:5e:b4:5d:88:39:a8:92:
         3d:09:fb:1f:a7:e1:10:67:20:b3:32:52:42:86:b1:f3:08:64:
         88:f6:9f:04:62:80:44:2f:2b:aa:b5:ed:23:84:34:73:d2:a2:
         29:f0:7a:3d:a3:c9:27:64:8f:a6:be:e8:d1:a4:b3:d3:90:da:
         0f:e8:d1:0a:32:4b:78:1a:3b:4b:73:4f:cb:50:0e:94:ce:1f:
         83:44:d7:24:21:20:0e:68:93:ea:11:0d:3f:ee:0c:4f:e4:06:
         a7:c8:45:54:2a:e4:5b:e7:b0:81:db:56:ae:69:6d:c3:fd:a2:
         70:be:6f:f3:dc:a8:67:b9:16:6a:1d:64:90:eb:12:49:66:43:
         1d:81:39:1e:13:14:7d:cf:f0:8d:98:40:9f:f7:50:4e:72:47:
         7d:03:b8:5a:3e:8d:ba:ab:1b:11:29:07:d9:b4:fc:e4:da:ad:
         80:24:b9:45
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZYKwbemK0Adhc8S2sG+pcrwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNjQ1YmMwZmRiODYyNmJjZTJjMDQyNWM0MDg3YjU0ZTE1
MGQzODYwHhcNMjUwNDA2MTA1OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2ZiNGQzOTU4NjM0ZDU2Y2RhMGZjZWE1MDkxOWFmODRhYTc2ZjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkDhVbeZLZKmTaDgFVpvOHyqm06N
7Ny6xtsZFDOU1zRGNzszQiOmgbPqA+y3sJ+NCx8xPBIvvliBvpnpdOoKFCWm1Kod
9cnYzz1/U+/hx8w5iIdqq5ybdwbPDAoexy9mHze1VDWgd1tCQkEtOzFMGmbt/zSg
sbVfFbmZ2xgz+I45PUT78Zb8hnG/D7HISMWMUL/qoOy4YP9iMDf6348EVf7zrbpy
4Mzyu5xfLNd5irLfVa75fWF79pNOWvPKnbIPc0RDsAFKshYUF52pm3pY80IYbMEK
5Cb6cEVrAWVmxmM4WdZ5EXS0DysGTbtQldfuuL0X2ntO1UA7+ern7ss9IwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJz7TTlYY01WzaD86lCRmvhKp29GMB8GA1UdIwQY
MBaAFMtkW8D9uGJrziwEJcQIe1ThUNOGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJSYndQMjRZbXZPTEFRbHhBaDdWT0ZRMDRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81N2JmODktZmUzYi00YzIxLThmZmIt
ZTg3NTRkMDA1ZWJlLzEvblB0Tk9WaGpUVmJOb1B6cVVKR2EtRXFuYjBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81N2JmODktZmUzYi00YzIxLThmZmItZTg3NTRkMDA1ZWJl
LzEveTJSYndQMjRZbXZPTEFRbHhBaDdWT0ZRMDRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudKdMA0E
AgACMAcDBQMqFMEAMA0GCSqGSIb3DQEBCwUAA4IBAQBfGe4umwZRsTM3C/vigkAe
gaKTHA1g7ssybub1mgQdm8QiMQ8SVFL0fhva01IBHhHA0qoFZ9o6e4PLPQqKjFi7
z+I/OvWdUYDBwS40l2RAWS/nZV60XYg5qJI9Cfsfp+EQZyCzMlJChrHzCGSI9p8E
YoBELyuqte0jhDRz0qIp8Ho9o8knZI+mvujRpLPTkNoP6NEKMkt4GjtLc0/LUA6U
zh+DRNckISAOaJPqEQ0/7gxP5AanyEVUKuRb57CB21auaW3D/aJwvm/z3KhnuRZq
HWSQ6xJJZkMdgTkeExR9z/CNmECf91BOckd9A7haPo26qxsRKQfZtPzk2q2AJLlF
-----END CERTIFICATE-----